These are the core things you must do to stay on the right side of the law. You can help your company comply with these principles by developing good working practices. That means being vigilant, understanding the policies and following the processes.
You need a lawful basis to hold personal data and must notify people you're holding it within one calendar month. The most common legal basis you'll use is legitimate interest.
You can only use data for the specific purpose that it was given to you.
You should only record data that is relevant and necessary to carry out the service you provide.
You have a duty to keep any data you hold accurate and up to date.
Data should only be kept as long as necessary.
Data needs to be kept securely, whether it is held electronically or physically.
All of the principles are equally important.
As far as the regulator is concerned, each principle has equal importance and applies to all businesses, regardless of size. They also expect your company to be able to show what you are doing to abide by each principle.
Informing people that you are holding their data and how to exercise their rights is very important but your other obligations under the GDPR still need to be fulfilled.
Even if you have consent to hold data, it will be for a specific purpose and for a specific time period. Consent is widely misunderstood: you do not need consent to hold data, and even where you do have consent you still need to comply with all of the requirements of the GDPR.
It's a common misconception that you can only hold data if you have a person's consent. This is not true, as all of the lawful bases are equally valid.
So you need to get them all right - all of the time.
That's a lot of plates to keep spinning, which is why your business needs help. You need to understand the relevant policies and processes and take responsibility for your actions. This training is just the beginning.